Please let us know! We have implemented Cloudflare as a CDN/Firewall in front of our sites, but because of the amount of code being posted, sometimes a code block is similar to one that an exploit uses, so it triggers a challenge. We've tried to tweak it as much as possible, but if you're continually receiving them, please post here so we can investigate.

We will need the IP, or just post if you're the person having the issue directly after having the issue and the admin can look up your IP, provided it's the same IP as the one having the issue.

Is there any way to just turn off that kind of protection? At least for the wiki? I understand protecting against DDOS's and using CloudFlare as a CDN, but protecting against these kinds of text string exploits should just be a happy bonus, and not a burden. It's happening more and more on the wiki, and there users don't even have the option of using a captcha. They're just flat out blocked, and they don't know why. It happens with totally benign text that doesn't even contain code snippets.

If I'm lucky, someone will ask me about it because they know how to contact me directly, but most people don't do that.

EDIT: I just saw in your other post that wiki users will now get the captcha challenge. That should be enough for us, thanks!

These CAPTCHAs still occur quite frequently in the Tor browser (a browser designed for anonymous web surfing).
Many Cloudflare-infected sites seem to be getting better, but does Kodi have the firewall set particularly strict?

Not sure if it is notable, but Cloudflare also protects the websites for banned addons. It does appear you dodged getting a SSL certificate that throws them in with you, according to the SSL Labs check I just ran.

Did you ever try shopping for other WAF solutions like Incapsula or Sucuri (not related to any but whenever I mention Incapsula on Twitter I get a Like)?